|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: mimail pattern?
From: Mark Jeftovic (mark
jeftovic.net)
Date: Fri Aug 01 2003 - 19:16:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've noticed the subject line is "your account" followed by a bunch
of spaces and then 8 random characters.
So far this is working for me:
/^Subject: your account\s{5,}.{8,8}/ REJECT Mimail Virus Detected
(using pcre of course)
-mark
On 1 Aug 2003, Chateauneuf wrote:
> On Fri, 2003-08-01 at 20:01, Mark Jeftovic wrote:
> > New worm, mimail...
> >
> > http://zdnet.com.com/2100-1105_2-5059087.html
> >
> > Anyone gotten enough of these to analyze a pattern?
> >
> > Using just the subject may be too loose.
> >
> > -mark
>
> That URL wouldn't resolve but we have had some discussion in DShield.
> The volume seems to be picking up. All that I have received have been
> addressed to Adminyourdomain. Most of what I received came from a DSL
> on PacBell.
>
--
mark jeftovic
http://www.easydns.com
http://mark.jeftovic.net
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]